On 3/10/2010 10:52 AM, Carlos Alvarez wrote:
On Wed, Mar 10, 2010 at 1:28 PM, Brian Hawkins<brianh...@gmail.com>  wrote:
Explain how using memcached opens oneself to a DOS attack?

Using memcached to store session data just relying on a previous
calculation of how much memory you will need (all premises) exposes
you to DOS because of the effect explained in other mails: it would be
very easy and some attacker would need a very low bandwidth to force
the memcached to expel valid data. If your application relies on data
to be present on the memcached to work properly, you have a problem.

If you have a persistent store, it won't expel data because of space
constraints. Also, I find it a lot easier (and cheaper) to have a
4TB persistent store than a set of memcached.

But you'll find it very expensive to scale up the number of servers accessing that persistent store and the speed it can operate if you don't use something like memcache in front of it.

--
  Les Mikesell
   lesmikes...@gmail.com
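
The eviction effect discussed in this thread, as an added example that is not part of the original messages: a toy LRU cache stands in for memcached (real memcached evicts per slab class, so this is a simplification) and a dict stands in for the persistent store. All class and function names are hypothetical, and the session data is constructed.

```python
from collections import OrderedDict

class LRUCache:
    """Toy stand-in for memcached: fixed capacity, evicts least recently used."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def set(self, key, value):
        self.items[key] = value
        self.items.move_to_end(key)
        while len(self.items) > self.capacity:
            self.items.popitem(last=False)  # evict the oldest entry

    def get(self, key):
        if key not in self.items:
            return None
        self.items.move_to_end(key)
        return self.items[key]

class SessionStore:
    """Sessions in the cache, optionally backed by a persistent store (a dict here)."""
    def __init__(self, cache, persistent=None):
        self.cache = cache
        self.persistent = persistent

    def create(self, sid, data):
        if self.persistent is not None:
            self.persistent[sid] = data  # source of truth survives eviction
        self.cache.set(sid, data)

    def load(self, sid):
        data = self.cache.get(sid)
        if data is None and self.persistent is not None:
            data = self.persistent.get(sid)  # cache miss: fall back to the store
            if data is not None:
                self.cache.set(sid, data)    # re-warm the cache
        return data

def surviving_sessions(store, legit=100, filler=2000):
    """Create legit sessions, then a burst of filler ones; count legit still loadable."""
    for i in range(legit):
        store.create(f"user-{i}", {"uid": i})
    for i in range(filler):
        store.create(f"filler-{i}", {})      # constructed entries that fill the cache
    return sum(store.load(f"user-{i}") is not None for i in range(legit))

cache_only = surviving_sessions(SessionStore(LRUCache(1000)))
backed = surviving_sessions(SessionStore(LRUCache(1000), persistent={}))
print(f"cache only: {cache_only}/100 valid sessions left; with persistent store: {backed}/100")
```

With the cache as the only copy, every valid session is lost once the filler entries exceed capacity; with the persistent store behind it, the same burst costs cache misses but no data.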
